Tuesday, May 3, 2011

Brute force attack and defensive measures

During this type of attack, the attacker is trying to bypass security mechanisms while having minimal knowledge about them. Using one or more accessible methods: dictionary attack (with or without mutations), brute-force attack (with given classes of characters e.g.: alphanumerical, special, case (in)sensitive) the attacker is trying to achieve his/her goal. Considering a given method, number of tries, efficiency of the system, which conducts the attack and estimated efficiency of the system which is attacked, the attacker is able to calculate how long the attack will have to last. Non brute-force attacks, on the other hand, which includes all classes of characters, give no certainty of success. 

TOP 5 tools :-
1)cain and abel
2) Johan the Ripper


Defensive Tools

Php-Brute-Force-Attack Detector
Detect your web servers being scanned by brute force tools such as WFuzz, OWASP DirBuster and vulnerability scanners such as Nessus, Nikto, Acunetix ..etc. This helps you quickly identify probable probing by bad guys who's wanna dig possible security holes.


Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Vamshi krishnam raju | Bloggerized by Vamshi krishnam raju - Vamshi krishnam raju | Vamshi krishnam raju